NetDetector Has Total Recall

A product that's just a few months old is providing a way of taking the long view in network security.


Niksun Inc. (www.niksun.com) takes a new approach with its NetDetector by building a network traffic analyzer with intrusion-detection system features. The rack-mountable NetDetector's key difference is that it is designed to be purchased with large amounts of disk storage (up to a terabyte is supported), so the product can capture days to weeks of network traffic.

Using this traffic log, NetDetector can look for slow port scans as well as detect traffic anomalies over time. It's only rule-based and doesn't support detection of attacks using packet signatures the way most intrusion-detection systems do.
NetDetector can also be used as a forensics tool, displaying actual bytes transmitted by and sent to a remote system (see screen). An archived copy of network traffic can be invaluable if a cracker succeeds in wiping out server logs or if servers aren't configured to track user activity.
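
As an added illustration (not Niksun's code and not part of the original article), the sketch below shows why a long traffic log matters for slow port scans: one rule, "a source touched many distinct ports on one host", is applied per one-hour window and then over the whole retained log. The record format, the threshold of 15 ports and the sample flows are constructed assumptions.

```python
from collections import defaultdict

HOUR = 3600


def constructed_flows():
    """Constructed sample log of (epoch_seconds, src_ip, dst_ip, dst_port)."""
    flows = []
    # Slow scanner: probes one new port on one host every 6 hours (40 probes, ~10 days).
    for i in range(40):
        flows.append((i * 6 * HOUR, "198.51.100.7", "192.0.2.10", 1 + i))
    # Ordinary client: a request every 10 minutes, always to port 80 or 443.
    for i in range(10 * 24 * 6):
        flows.append((i * 600, "203.0.113.5", "192.0.2.10", 443 if i % 2 else 80))
    return sorted(flows)


def scanners(flows, window, min_ports):
    """Return sources that reached at least min_ports distinct ports on a single
    destination inside any aligned time bucket of `window` seconds."""
    seen = defaultdict(set)  # (bucket, src, dst) -> set of destination ports
    for ts, src, dst, port in flows:
        seen[(ts // window, src, dst)].add(port)
    return sorted({src for (_, src, _), ports in seen.items()
                   if len(ports) >= min_ports})


if __name__ == "__main__":
    flows = constructed_flows()
    retained = flows[-1][0] + 1  # treat the whole stored log as one window
    # Short memory: the scanner never shows more than one port per hour.
    print("1-hour windows   :", scanners(flows, HOUR, 15))
    # A day of history is still not enough (4 ports per day).
    print("24-hour windows  :", scanners(flows, 24 * HOUR, 15))
    # Days of retained traffic expose all 40 probed ports.
    print("full retained log:", scanners(flows, retained, 15))
```

The busy but legitimate client is never flagged in any window because its port set stays at two, so the rule keys on breadth of ports over time rather than on traffic volume.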

Timothy Dyck is a Senior Analyst with eWEEK Labs. He has been testing and reviewing application server, database and middleware products and technologies for eWEEK since 1996. Prior to joining eWEEK, he worked at the LAN and WAN network operations center for a large telecommunications firm, in operating systems and development tools technical marketing for a large software company and in the IT department at a government agency. He has an honors bachelor's degree of mathematics in computer science from the University of Waterloo in Waterloo, Ontario, Canada, and a master's of arts degree in journalism from the University of Western Ontario in London, Ontario, Canada.